Threat Post

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. A credentials-stealing code bomb that uses legitimate password ...
Bleeping Computer

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to be containing a backdoor due to the presence of malicious 'request' dependency within some versions. For example, while most versions of ...
Bleeping Computer

New Chrome Password Stealer Sends Stolen Data to a MongoDB Database

A new Windows trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB ...
Forbes

Hackers Force Chrome Users To Hand Over Google Passwords. Here’s How

Update, Sept. 17, 2024: This story, originally published Sept. 15, now includes details of more credential-stealing threats targeting web browser users. Newly published research has revealed how ...